Hackers Go Upscale, Infiltrate Neiman Marcus Accounts

Hackers have gone from low-end to high-end retail, as luxury merchant Neiman Marcus became the latest to announce that it’s a victim of a data breach.

This comes on the heels of a disclosure last month by Minneapolis-based discounter Target, which reported hackers gained access to payment card data on about 40 million credit and debit accounts between Nov. 27 and Dec. 15. On Friday, Target updated its breach investigation, saying the names, mailing addresses, email addresses and phone numbers of up to another 70 million customers were stolen in the hack-attack.

Target said its fourth quarter sales were “meaningfully weaker-than expected” following the data breach news.

It’s unclear how many customer accounts have been compromised in the Neiman Marcus episode. The retailer has been working with a forensics firm, which discovered Jan. 1 that criminals infiltrated the system and that “some customers’ cards were possibly compromised,” spokeswoman Ginger Reeder said in an email.

Neiman Marcus is notifying customers when the retailer finds that their cards were used fraudulently, she said.

Consumers count on corporations to keep their personal information secure. There is little customers can do protect themselves from being a victim of a breach if companies don’t do a good job of thwarting hackers.

“It’s not something consumers can prevent, unless they just want to use cash,” said Susan Grant, director of consumer financial protection with the Consumer Federation of America.

Customers of Target and Neiman, though, can take steps to protect themselves post-breach.

The first step: “Don’t panic,” said Chi Chi Wu, a staff attorney for the National Consumer Law Center.

Hackers apparently haven’t gotten ahold of Social Security numbers, so they may not be able to open new lines of credit with your information, Wu said.

To make sure they aren’t making fraudulent charges using your existing accounts, monitor your statements as well as check your card accounts online, Wu said.

Grant recommends that customers be even more proactive.

She advises consumers using credit and debit cards at Target from the day before Thanksgiving to mid-December to request a new account number from the card issuer.

It becomes even more important for debit card users to get a new number, she said. Money comes directly out of bank account when you use a debit card. If a thief drains an account, you won’t have the cash to pay your bills until the problem is cleared up, she said.

Grant said her own bank agrees with that precaution. Her card issuer has a recorded phone message stating that the bank will be changing account numbers automatically for customers who used plastic at Target during the weeks of the data breach, she said.

Also, be wary of emails, phone calls and text messages requesting personal information as part of the Target or any other data breach, Grant added. Though Target is offering free credit monitoring, Grant said consumers should contact the credit monitoring service directly rather than providing information to an unsolicited caller or email. And look up the number for the credit monitoring service rather than using the one provided in an email or text, she said.